Namaste y’all! In todays Siri dictated blog post, I will show you how you can configure access control lists (ACL) for a directory using Intune Proactive remediations.
The issue I was facing was that regular users do not have modify permissions to the public desktop on their corporate devices, meaning that the user is unable to remove annoying shortcuts that would get placed there by the various apps they install. While this is hardly a high priority task to solve. I believe that the user experience should be taken into account and amended if possible.
Using Group Policies, this is a trivial task, but Intune has no proper built in substitute. So we have to improvise and that’s where Proactive remediations comes into play..
Relatively straight forward, the script checks if the relevant filesystem rights have been assigned, if not, it will error out and report non-compliance
Should the discovery report non-compliance, the following will execute.
Set this to run in the system context and deploy to the relevant group using these steps https://docs.microsoft.com/mem/analytics/proactive-remediations#deploy-the-script-packages. Given the nature of this code, you can safely set the daily interval to a fairly high value.
Obviously, this example are pretty simplistic, but it can give you an idea how Proactive remediations can be utilized to fill in the gaps if you are using Intune to manage your windows devices.
If you run into any issues or have questions about anything Intune related head over to theWinAdmins discord communityand go to the
Jóhannes Geir Kristjánsson Contributor
Microsoft MVP, enterprise mobility, Owner of winadmins discord and stunt guy on http://intune.training